houdini/spec/cve/cve_2014_2538_spec.rb

require 'rails_helper'
require "rack/ssl"
describe Rack::SSL do
  describe '.call' do
    it "invalid uri returns 404" do
      def test_invalid_uri_returns_404
        # Can't test this with Rack::Test because it fails on the URI before it
        # even gets to Rack::SSL. Other webservers will pass this URI through.
        ssl  = Rack::SSL.new(nil)
        resp = ssl.call('PATH_INFO' => "https://example.org/path/<script>")
        expect(resp[0]).to eq 404
      end
    end
  end
end
Initial commit. Previous history maintained by CommitChange 2018-03-25 17:30:42 +00:00			`require 'rails_helper'`
			`require "rack/ssl"`
			`describe Rack::SSL do`
			`describe '.call' do`
			`it "invalid uri returns 404" do`
			`def test_invalid_uri_returns_404`
			`# Can't test this with Rack::Test because it fails on the URI before it`
			`# even gets to Rack::SSL. Other webservers will pass this URI through.`
			`ssl = Rack::SSL.new(nil)`
			`resp = ssl.call('PATH_INFO' => "https://example.org/path/<script>")`
			`expect(resp[0]).to eq 404`
			`end`
			`end`
			`end`
			`end`